CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In July 2021

Each entry below spans several lines, in this column order:
- Line 1: # | CVE ID | CWE ID | # of Exploits (blank when none) | Vulnerability Type(s) (blank when none) | Publish Date | Update Date
- Line 2: CVSS Score
- Line 3: Gained Access Level | Access | Complexity | Authentication ("???" where the site gives no value) | Conf. | Integ. | Avail.
- Line 4: Description
1 CVE-2021-37760 532 2021-07-31 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
2 CVE-2021-37759 532 2021-07-31 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
3 CVE-2021-37746 601 2021-07-30 2021-09-20
5.8
None Remote Medium Not required Partial Partial None
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
4 CVE-2021-37743 79 XSS 2021-07-30 2021-08-02
3.5
None Remote Medium ??? None Partial None
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
5 CVE-2021-37742 79 XSS 2021-07-30 2021-08-02
3.5
None Remote Medium ??? None Partial None
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
6 CVE-2021-37606 327 2021-07-30 2021-08-10
5.0
None Remote Low Not required Partial None None
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.
7 CVE-2021-37601 668 +Info 2021-07-30 2021-09-20
5.0
None Remote Low Not required Partial None None
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
8 CVE-2021-37600 190 Overflow 2021-07-30 2021-10-18
1.2
None Local High Not required None None Partial
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
9 CVE-2021-37596 79 XSS 2021-07-30 2021-08-09
4.3
None Remote Medium Not required None Partial None
Telegram Web K Alpha 0.6.1 allows XSS via a document name.
10 CVE-2021-37595 20 2021-07-30 2021-08-09
7.5
None Remote Low Not required Partial Partial Partial
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
11 CVE-2021-37594 20 2021-07-30 2021-08-09
7.5
None Remote Low Not required Partial Partial Partial
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.
12 CVE-2021-37593 89 Exec Code Sql 2021-07-30 2021-09-21
6.4
None Remote Low Not required Partial Partial None
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
13 CVE-2021-37588 326 2021-07-30 2021-08-09
4.3
None Remote Medium Not required Partial None None
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
14 CVE-2021-37587 326 2021-07-30 2021-08-09
4.0
None Remote Low ??? Partial None None
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
15 CVE-2021-37578 502 2021-07-29 2021-08-11
6.8
None Remote Medium Not required Partial Partial Partial
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed.
16 CVE-2021-37576 787 Mem. Corr. 2021-07-26 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
17 CVE-2021-37555 798 2021-07-26 2021-08-09
10.0
None Remote Low Not required Complete Complete Complete
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
18 CVE-2021-37534 79 XSS 2021-07-26 2021-08-03
3.5
None Remote Medium ??? None Partial None
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
19 CVE-2021-37478 89 Sql 2021-07-26 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.
20 CVE-2021-37477 89 Sql 2021-07-26 2021-07-28
7.5
None Remote Low Not required Partial Partial Partial
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
21 CVE-2021-37476 89 Sql 2021-07-26 2021-07-28
7.5
None Remote Low Not required Partial Partial Partial
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
22 CVE-2021-37475 89 Sql 2021-07-26 2021-07-28
7.5
None Remote Low Not required Partial Partial Partial
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
23 CVE-2021-37473 89 Sql 2021-07-26 2021-07-28
7.5
None Remote Low Not required Partial Partial Partial
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
24 CVE-2021-37470 79 XSS 2021-07-25 2021-07-30
3.5
None Remote Medium ??? None Partial None
In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
25 CVE-2021-37469 22 Dir. Trav. 2021-07-25 2021-08-05
4.0
None Remote Low ??? Partial None None
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
26 CVE-2021-37468 200 +Info 2021-07-25 2021-08-05
2.1
None Local Low Not required Partial None None
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
27 CVE-2021-37467 79 XSS 2021-07-25 2021-07-30
3.5
None Remote Medium ??? None Partial None
In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
28 CVE-2021-37466 79 XSS 2021-07-25 2021-07-30
3.5
None Remote Medium ??? None Partial None
In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
29 CVE-2021-37465 79 XSS 2021-07-25 2021-07-30
3.5
None Remote Medium ??? None Partial None
In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
30 CVE-2021-37464 79 XSS 2021-07-25 2021-07-30
3.5
None Remote Medium ??? None Partial None
In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
31 CVE-2021-37463 79 XSS 2021-07-25 2021-07-30
3.5
None Remote Medium ??? None Partial None
In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
32 CVE-2021-37462 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
33 CVE-2021-37461 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).
34 CVE-2021-37460 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).
35 CVE-2021-37459 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).
36 CVE-2021-37458 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).
37 CVE-2021-37457 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
38 CVE-2021-37456 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
39 CVE-2021-37455 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
40 CVE-2021-37454 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
41 CVE-2021-37453 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
42 CVE-2021-37452 522 2021-07-25 2021-08-05
2.1
None Local Low Not required Partial None None
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
43 CVE-2021-37451 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
44 CVE-2021-37450 79 XSS 2021-07-25 2021-07-28
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
45 CVE-2021-37449 79 XSS 2021-07-25 2021-08-04
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected).
46 CVE-2021-37448 79 XSS 2021-07-25 2021-08-04
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored).
47 CVE-2021-37447 22 Dir. Trav. 2021-07-25 2021-08-04
5.5
None Remote Low ??? None Partial Partial
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.
48 CVE-2021-37446 22 Dir. Trav. 2021-07-25 2021-08-04
4.0
None Remote Low ??? Partial None None
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
49 CVE-2021-37445 22 Dir. Trav. 2021-07-25 2021-07-30
4.0
None Remote Low ??? Partial None None
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
50 CVE-2021-37444 22 Exec Code Dir. Trav. 2021-07-25 2021-07-30
6.5
None Remote Low ??? Partial Partial Partial
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt Autodial function.
Total number of vulnerabilities: 1587 (page 1 of 32)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.